SSH Handshake Error When Trying to Build CentOS Stream 9 Image (using amazon-ebs plugin) #11958
Comments
Hi @erinf-wolf, thanks for reaching out. I updated your description a bit to fix the build log formatting. Quickly looking at the logs I see you're referencing version 1.8.3 for your environment. But it looks like you are actually running Packer 1.8.1. It might not be an issue but it's helpful to provide the logs for both versions if testing old and new. That said, for CentOS distros I believe the username is "centos" and not "ecs-user", which is used for Amazon Linux boxes. Have you tried using a different username? Using the AMI ID from your logs I am able to provision using the centos username.
AMI ID in provided logs
Results of my local test running Packer 1.8.3 with packer-plugin-amazon_v1.1.3_x5.0_darwin_amd64
Below is another build setting
Below is my full HCL template for reference

```hcl
packer {
  required_plugins {
    amazon = {
      source  = "github.com/hashicorp/amazon"
      version = ">=v1.1.2"
    }
  }
}

source "amazon-ebs" "basic-example" {
  region                  = "us-west-2"
  spot_price              = "0"
  source_ami              = "ami-0f071d403de89e97e"
  instance_type           = "t2.small"
  ssh_username            = "centos"
  ssh_agent_auth          = false
  temporary_key_pair_type = "ed25519"
  ami_name                = "packer_AWS {{timestamp}}"
}

build {
  sources = [
    "source.amazon-ebs.basic-example"
  ]
  provisioner "shell" {
    inline = ["cat /etc/redhat-release", "echo -n Contents of key file", "cat ~/.ssh/authorized_keys"]
  }
}
```
Ah excellent, thanks so much! It must be a username issue since indeed the bug should be fixed since 1.8.1 ... Yep, I tried both 1.8.3 and 1.8.1 and had the same result. My team will retry the build + close the ticket once confirming it works! Note this might take a week or a bit longer as I started work on another task; another developer from my team will be the one to check it + close this issue.
Sounds good @erinf-wolf. Thanks for the update.
Hi, This issue has not received any update in the last 3 weeks, and will automatically be closed in 7 days if it does not receive any activity by then. If you find the community forum to be more helpful or if you've found the answer to your question elsewhere please feel free to post a response and close the issue.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Overview of the Issue
Running into the same issue as in prev issue: #11656
It's caused by security settings in CentOS Stream 9 (and other modern distros) that disallow incoming RSA connections that utilize a key with a SHA-1 signature. This was caused by an issue in the Go crypto package, although @nywilken mentioned the latest version of Packer is now built using a version of Go that has the fix for this ... #8609 (comment)
However, using that version (1.8.1) and the latest version (1.8.3), my build still fails. I'm using the latest version of the amazon-ebs plugin 1.3.1 and made sure to manually uninstall and reinstall it as well. If this issue is specific to amazon-ebs I can open an issue on that repo.
Note I am using the correct SSH username `ec2-user`
Reproduction Steps
Try to run a build with a centos stream 9 image such as
Packer version
From
packer version
1.8.3
Simplified Packer Template
I can post if needed, I am avoiding so I don't have to sanitize it to remove personal info
It's very simple and works for all my other rpm based builds. Literally just launch the build and run a provisioner to update the packages with dnf. But never gets to that point anyways since can't connect
Operating system and Environment details
macOS Monterey 12.5.1
Using a very old version of Make to call the packer command but don't think that will change anything
Log Fragments and crash.log files
sanitized the log a bit to remove ip addresses and some other personal info
Build Log
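An added example, not part of the issue thread or of Packer: the two causes discussed here (a username that does not exist on the AMI, and an RSA signature the server's policy refuses) can be told apart from the instance's own sshd log. The sketch below classifies sshd log lines per session; the sample lines are constructed, and the message wording is assumed to follow OpenSSH's sshd.

```python
import re

# Constructed sshd log lines (not taken from the issue); IPs are documentation-range placeholders.
SAMPLE_LOG = """\
Sep 01 10:00:01 host sshd[1201]: Invalid user ec2-user from 203.0.113.10 port 50122
Sep 01 10:00:01 host sshd[1201]: Connection closed by invalid user ec2-user 203.0.113.10 port 50122 [preauth]
Sep 01 10:05:07 host sshd[1320]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
Sep 01 10:05:07 host sshd[1320]: Connection closed by authenticating user centos 203.0.113.10 port 50188 [preauth]
Sep 01 10:09:30 host sshd[1407]: Accepted publickey for centos from 203.0.113.10 port 50240 ssh2: ED25519 SHA256:CONSTRUCTED
"""

# Message wording assumed to follow OpenSSH's sshd; adjust the patterns if your build logs differently.
RULES = [
    ("unknown_user", re.compile(r"Invalid user (\S+) from ")),
    ("rejected_algorithm", re.compile(
        r"userauth_pubkey: (?:signature algorithm|key type) (\S+) "
        r"not in PubkeyAccepted(?:Algorithms|KeyTypes)")),
    ("accepted", re.compile(r"Accepted publickey for (\S+) from ")),
]

HINTS = {
    "unknown_user": "account does not exist on the AMI; check ssh_username",
    "rejected_algorithm": "server policy refused the signature; check the key type in use",
    "accepted": "login succeeded",
}

SESSION = re.compile(r"sshd\[(\d+)\]: (.*)$")

def triage(log_text):
    """Return one finding per sshd process id; the first matching rule for a session wins."""
    findings = {}
    for line in log_text.splitlines():
        session = SESSION.search(line)
        if not session:
            continue
        pid, message = session.groups()
        for cause, pattern in RULES:
            hit = pattern.search(message)
            if hit and pid not in findings:
                findings[pid] = {"pid": int(pid), "cause": cause,
                                 "detail": hit.group(1), "hint": HINTS[cause]}
    return list(findings.values())

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"sshd[{f['pid']}] {f['cause']}: {f['detail']} -> {f['hint']}")
```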